AssetExplorer

    Agent-based scanning for AE customers with prior Endpoint Central (formerly Desktop Central) installation


    With the AE 6900 release, agent-based scanning for Windows, Linux, and Mac machines is introduced. This feature is provided by ManageEngine Endpoint Central (formerly Desktop Central). As ME Endpoint Central (formerly Desktop Central) is already installed in your environment, the same installation can be used for scanning Windows, Linux and Mac machines in your environment for the number of nodes purchased in AE
     

    Note for customers already using any other UEMS products other than ME Endpoint Central (formerly Desktop Central)

    If any of the following ME products are installed and used in your environment, we recommend you contact our support before proceeding with this installation for configuring changes in asset inventory.

    1. Patch Manager Plus On-Premise/Cloud

    2. Remote Access Plus On-Premise/Cloud

    3. Device Control Plus

    4. Vulnerability Manager Plus

    5. Patch Manager Plus Cloud

    6. Endpoint Central (formerly Desktop Central) Cloud

     

    Feature changes related to scanning from AE 6900

    • Support for scanning Windows machines using WMI has been removed.

    • Support for scanning Linux and Mac machines using SSH/Telnet has been removed.

    • All Windows, Linux, and Mac machines can be scanned only by installing Endpoint Central (formerly Desktop Central) agents in remote machines.

    About Endpoint Central (formerly Desktop Central)

    Endpoint Central (formerly Desktop Central) is a robust unified endpoint management system. It comprises features like Patch Management, Software Deployment, Endpoint security, OS imaging, and deployment, etc. Agents from Endpoint Central (formerly Desktop Central) improve AssetExplorer' asset scanning functionality by fetching complete hardware details during the scan as well as maintaining the uniformity of data fetched across Windows, Linux, and Mac machines. Endpoint Central (formerly Desktop Central) agent integration also avoids the need to have two agents for users who already have integration between AssetExplorer and Endpoint Central (formerly Desktop Central).

    Features from Endpoint Central (formerly Desktop Central) for existing customers of AE migrating to AE 6900 version

    i. Agent-based inventory of Windows, Mac, and Linux machines

    ii. Warranty information for devices

    iii. Remote control for Windows, Mac, and Linux machines

    iv. Auto upgrade of agents to newer versions

    Other features from Endpoint Central (formerly Desktop Central) for existing customers of AE who migrate to AE 6900 version and later purchase AE UEM Remote Access Plus Add on

    i). Chat *

    ii). Wake-on-LAN *

    iii). Announcement (supported in ServiceDesk Plus and not supported in AssetExplorer) *

    iv). System manager *

     
    Does Endpoint Central (formerly Desktop Central) come for free for existing AE customers?

    No, the inventory and remote control functionalities for Windows, Linux, and Mac machines and warranty information of devices are the only features provided for AE customers through Endpoint Central (formerly Desktop Central) after deployment of Endpoint Central (formerly Desktop Central) agents.

    Ports used in Endpoint Central (formerly Desktop Central)

    Server

    Port

    Purpose

    Type

    Connection

    8383

    For communication between the agent and the Endpoint Central (formerly Desktop Central) server

     

    Source: Agent

     

    Destination: Endpoint Central (formerly Desktop Central) server

     

    HTTPS

    In bound to server

    8027

    The notification server port is responsible for communicating on-demand operations from the server to the agent.

    Source: Agent

    Destination: Endpoint Central (formerly Desktop Central) server


    TCP

    In bound to server

    Tools and Remote Control

    Port

    Purpose

    Type

    Connection

    8444

    For Sharing remote desktops, System Manager, Chat

    Source: Agent

    Destination: Endpoint Central (formerly Desktop Central) server

    HTTP

    In bound to server

    8032

    For transferring files

    Source: Agent

    Destination: Endpoint Central (formerly Desktop Central) server

    HTTP

    In bound to server

    8443

    For Sharing Remote Desktops, System Manager, Chat

    Source: Agent

    Destination: Endpoint Central (formerly Desktop Central) server

    HTTPS/UDP (for voice & video chat)

    In bound to server

    8031

    For transferring files

    Source: Agent

    Destination: Endpoint Central (formerly Desktop Central) server


    HTTPS

    In bound to server

    Database supported by Endpoint Central (formerly Desktop Central)

    By default, Endpoint Central (formerly Desktop Central) gets installed with bundled PGSQL. Endpoint Central (formerly Desktop Central) also supports MSSQL. Please check here for MSSQL versions supported by Endpoint Central (formerly Desktop Central).
    Click here for detailed steps for moving Endpoint Central (formerly Desktop Central) to MSSQL.

    OS supported by Endpoint Central (formerly Desktop Central) agents

    Endpoint Central (formerly Desktop Central) agents can be installed on machines with the following OS

    Windows OS

    • Windows 11

    • Windows 10

    • Windows 8.1

    • Windows 8

    • Windows 7

    • Windows Vista

    • Windows XP

    Windows Server OS

    • Windows server 2019

    • Windows server 2016

    • Windows server 2012 R2

    • Windows server 2012

    • Windows server 2008 R2

    • Windows server 2008

    • Windows server 2003 R2

    • Windows server 2003

    Mac

    • 10.7 Lion

    • 10.8 Mountain Lion

    • 10.9 Mavericks

    • 10.10 Yosemite

    • 10.11 El Capitan

    • 10.12 Sierra

    • 10.13 High Sierra

    • 10.14 Mojave

    • 10.15 Catalina

    • 11.0 Big Sur

    Linux

    • Ubuntu 10.04 and later versions

    • RedHat Enterprise Linux 6 and later versions

    • CentOS 6 and later versions

    • Fedora  19 and later versions

    • Mandriva 2010  and later versions

    • Debian 7 and later versions

    • Linux Mint 13 and later versions

    • Open SuSe 11 and later versions

    • Suse Enterprise Linux 11 and later versions

    • Pardus 17, and 19

    • Oracle Linux Server 6, 7, and 8

    Steps for switching to Endpoint Central (formerly Desktop Central) agents

    Previously, AE agents were supported only for Windows OS, from the 6.9 version of AE, Endpoint Central (formerly Desktop Central) is being used for agent-based scan for Windows, Linux, and Mac OS. Therefore, users are requested to switch to Endpoint Central (formerly Desktop Central) agents.

    Note: If the number of nodes purchased in AE is more than the number of nodes in Endpoint Central (formerly Desktop Central), the older AE agents have to be uninstalled and the new Endpoint Central (formerly Desktop Central) agents have to be installed.


    Below are the steps for switching to Endpoint Central (formerly Desktop Central) agents.

    Step 1: Configuring the Agent settings

    Step 2: Ensure ports used by Endpoint Central (formerly Desktop Central) are open

    Step 3: Downloading Endpoint Central (formerly Desktop Central) agents for Windows, Linux, and Mac machines

    Step 4 : Replacing AE agents with Endpoint Central (formerly Desktop Central) agents in Windows machines

    Step 5 : Uninstalling Windows AE agents

    If step 3 above is not followed and step 5 is followed during the installation of Windows agents, then the old AE agents will still remain in the remote client machines. Follow the below method to uninstall the AE agents.

    You can uninstall the ServiceDesk Plus Windows Agents by executing the UnInstallAgent.vbs as a GPO in Active Directory. The agents will be removed once the machines boot up.

     

    Follow the below steps to configure a GPO in Active Directory

     

    1. Create a network share (e.g,\\MyServer\MyShare).

    2. Download and place UninstallAgent.vbs

    3. From your Domain Controller, click Start >> run >> enter gpmc.msc and click OK. If gpmc is not installed in your Active Directory, install gpmc and proceed.

    4. Right-click the domain and select Create and Link a GPO and specify a name for GPO.

    5. Right-click the GPO and click Edit.

    1. Select Computer Configuration>>Windows Settings>>Scripts and right-click Startup and click Properties.

    1. Click Show Files and drag and drop the UninstallAgent.vbs(downloaded above) to this location and close.

    1. In the Startup Properties dialog box, click <strong>Add.</strong>

    2. Browse and select the UninstallAgent.vbs script.

    1. Click OK to close the Add a Script dialog box and the Startup Properties dialog box 

    1. Close the Group Policy Object Editor and Group Policy Management dialog box.

    The agent will be uninstalled automatically when the client computers start.

    Step 6 : Other methods for deploying Endpoint Central (formerly Desktop Central) agents in Windows

    Step 7: Imaging a Windows computer with a Endpoint Central (formerly Desktop Central) agent

    Step 8: Deploying Endpoint Central (formerly Desktop Central) agents in Linux

    Step 9: Deploying Endpoint Central (formerly Desktop Central) agents in Mac

    Step 10: What if Remote AE servers are used?

    Step 11: Procedure for AE running with Fail Over Service(FOS) enabled

    Agent - Server communication in Endpoint Central (formerly Desktop Central)

     

    Operations such as scanning a device, taking remote control of a device or tools action from AE is performed in the remote machines through Endpoint Central (formerly Desktop Central) server and Endpoint Central (formerly Desktop Central) agents.

    The Endpoint Central (formerly Desktop Central) agent communicates with the Endpoint Central (formerly Desktop Central) server immediately after its installation in the remote machine and posts the inventory data. The Endpoint Central (formerly Desktop Central) agent communicates with the Endpoint Central (formerly Desktop Central) server through HTTPS during system startup and every 90 minutes thereafter till the system is shut down, gets the actions to be performed in the remote machine, and executes it. This 90 minutes policy is majorly used for any asynchronous operations like schedule scan, any agent configuration changes, etc.

    Endpoint Central (formerly Desktop Central) agents also establish a session with the Endpoint Central (formerly Desktop Central) server through TCP for getting notified for actions that have to be executed on demand like Scan Now or remote control.


    Is agent server communication secure?

    By default, the Agent-Server communication will happen through HTTPS (Encrypted) communication. These steps enforce trusted HTTPS communication between agent and server. These configurations can be enabled under Agent security settings


    Enable certificate-based authentication for agent-server communication

    Enabling this option would have the agent-server communication with client certificate authentication. Enabling this option in AE would in turn enable this setting in Endpoint Central (formerly Desktop Central) too. Click here for more details on the procedure.


    Enable agent-server trusted communication

    Before enabling this setting, it is required that a valid third-party SSL certificate is applied in Endpoint Central (formerly Desktop Central). Click here for steps to configure SSL certificate in Endpoint Central (formerly Desktop Central), this has to be done only from the Endpoint Central (formerly Desktop Central) console.


      Note: Once this setting is enabled it cannot be disabled again as the agents will fail to communicate with the server again. Enabling this setting would enable it in Endpoint Central (formerly Desktop Central) too and have the agent-server communication to be trusted. Click here for a detailed procedure.

     


    Agent resource utilization

    All the below data are predicted from a single agent machine. Disk space will be consumed up to 1GB (approximately) from the agent installed drive.

     

    Agent Process

    Running application name

    Bandwidth consumption(approximately)

    CPU consumption(approximately)

    Memory (RAM) consumption (approximately)

    At Agent Idle state

    dcagentservice.exedcondemand.exedcagenttrayicon.exe(Running separateapplication for eachlogged on user)(For windows andMac)[ Above 3 are everrunning processes ]

    1 Kbps

    0-2%

    11 MB

    Refresh policy(90 mins once -without any deployment)

    dcconfig.exe

    4KB

    0-2%

    6MB

    Inventory scan(At Scheduled time in server)

    dcinventory.exe

    2MB

    17-20%

    14MB

    Agent Upgrade(Applying PPMand If agentversionchanges)

    dcconfig.exe

    AgentUpgrader.exe

    20MB

    2-5%

    3MB

     

     

     

     

     

     

    Zoho Corp. All rights reserved.